kobayashi maru
Level 1 (29 points)
Desktops

Q: Error message when configuring ARD client from the command line

I have ARD 3.8, the clients ARDAgent is version 3.8.5 (these are both the latest versions AFAIK), both machines on OS 10.11.5.

 

When I remote into the client machine from the Terminal I try to run this command:

 

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -activate -configure -access -on -users [usermame] -privs -all -restart -agent -menu

 

And I get this error message:

 

LSOpenURLsWithRole() failed with error -600 for the file /System/Library/CoreServices/Menu Extras/RemoteDesktop.menu

 

Any ideas on what this is and how to resolve it?

 

Thanks.

 

Posted on Jun 16, 2016 6:44 AM

Close
kobayashi maru

Q: Error message when configuring ARD client from the command line

  • All replies
  • Helpful answers

  • by Antonio Rocco,

    Antonio Rocco Antonio Rocco Jun 16, 2016 8:33 AM in response to kobayashi maru
    Level 6 (10,577 points)
    Servers Enterprise
    Jun 16, 2016 8:33 AM in response to kobayashi maru

    You can't use sudo in the Send UNIX Command option. Remove sudo, try again but this time make sure you select "Send as Root".

     

    However the command may still fail because Apple added an extra layer of security in El Capitan known as "rootless mode" or SIP (System Integrity Protection). This means even sending commands as root won't work. You can disable SIP with the csrutil command using Terminal whilst in Recovery mode on the hardware you wish to send the commands to. If you're intending on sending commands that need elevation to root access on a regular basis then it may be a good idea to disable SIP on the hardware you're intending to support. For me and if these were devices static to a private LAN with non-admin users using them, then I would not regard disabling SIP as being a security risk. The decision as always is up to you.

     

    Hope this helps, Tony

  • by kobayashi maru,

    kobayashi maru kobayashi maru Jun 17, 2016 5:26 AM in response to Antonio Rocco
    Level 1 (29 points)
    Desktops
    Jun 17, 2016 5:26 AM in response to Antonio Rocco

    Thanks for responding.

     

    "You can't use sudo in the Send UNIX Command option. Remove sudo, try again but this time make sure you select "Send as Root"."

     

    I'm not using the Send UNIX Command option, I'm using the Terminal app. In ARD, the client status is showing as "Access denied" so the Send UNIX Command option won't work. Through the Terminal, I used the command to activate Remote Management.

     

    "However the command may still fail because Apple added an extra layer of security in El Capitan known as "rootless mode" or SIP (System Integrity Protection)."

     

    I made sure to disable SIP because it was also preventing a few other things from working.

     

    I also made sure that root was (temporarily) enabled.

  • by kobayashi maru,

    kobayashi maru kobayashi maru Jun 23, 2016 6:40 AM in response to kobayashi maru
    Level 1 (29 points)
    Desktops
    Jun 23, 2016 6:40 AM in response to kobayashi maru

    Update: I've done more testing and it seems restricted to those with ARD 3.8.5 clients.

     

    It's been working fine with those who have ARD 3.8.4.

     

    I doubt there's a way to roll peoples' ARD clients back en masse (if anyone knows of a way, please let me know), so I might have to live with it until Apple fixes it.

  • by TeenTitan,

    TeenTitan TeenTitan Jun 25, 2016 11:00 PM in response to kobayashi maru
    Level 4 (2,454 points)
    Jun 25, 2016 11:00 PM in response to kobayashi maru

    Have you tried safeboot on the effected client computer? Do you still have the issue?

    Have you tried instaling 10.11.5 combo update?